tag:blogger.com,1999:blog-78818988463972499012024-03-19T04:48:22.349+02:00Core DumptMiscellaneous musings from a struggling sysadmin.llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.comBlogger89125tag:blogger.com,1999:blog-7881898846397249901.post-71517352728392285122018-02-25T03:37:00.002+02:002018-02-25T03:37:41.541+02:00Core Dumpt moving to robin.lauren.fiMy next post will be on <a href="https://robin.lauren.fi/">robin.lauren.fi</a> (no nifty name yet).llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-6322064636359158462018-02-12T19:06:00.001+02:002018-02-12T19:07:01.798+02:00Licensing a vmWare vCenter Server<p>I’m not particularly fond of managing vmWare products. First of all, their product names confuse the heck out of me. The hypervisor ESXi Server is called <em>vSphere</em> and the server to manage vSpheres is <em>vCenter</em>. Second, they have five ways of managing them (possibly more, i’ve lost count by now)</p>
<ul>
<li>Hard core: ssh straight into the esxi server</li>
<li>Weird core: use PowerShell from my laptop (which i haven’t dared install, since it’s a Mac)</li>
<li>The native client, which isn’t available on a Mac</li>
<li>The HTML5 UI, which is missing <em>some</em> features (but won’t tell which)</li>
<li>The Flash UI – yes, Flash! – which has more features than the HTML5 UI but requires Flash.</li>
</ul>
<p>To install a license on the vCenter Server, you will need to use the Flash UI. But you don’t need to install Flash, thank you Google, because you can use the Chrome browser.</p>
<p>Open the Chrome browser settings (⌘,) and enter Flash in the filter box. Your UI will probably say <code>Ask first</code> , which you should click on. If it isn’t on Ask first, set it to Ask first. You can disable Flash later and then find this article once you need it again. Now <code>Add</code> the URL to your vCenter server in the Allow section. This may or may not do you any good, if the certificate for your vCenter server is valid or not. But at least do it as a reminder for yourself why you’ve enabled Flash.</p>
<p>Now go to the web UI of your vCenter server. It’s there on <code>https://vcenter.doma.in</code> (or wherever you installed it). Start the <code>Web Client (Flash)</code> and log in. If your certificate isn’t pki compliant (which is a fancy way of saying you’ve been out-confused by vmWare’s certificate maze), a small warning will flash (ha!) by at the right edge of your address bar, asking whether you want to allow Flash to run on this site. Click (quick!) to allow – even though you allowed it in the settings. Yeah, i know.</p>
<p>Once inside the flashy UI, hover over the button with a house and a hamburger menu (🏠≡) and select Administration. Then click Licensing > Licenses (<em>This</em> is why you need the Flash UI; Licensing is not available on the HTML UI, at least not today).</p>
<p>Click the Licenses tab, then the little green <strong>+</strong> sign. This will start an assistant where you can enter one or more license keys, give them snappy names (like <code>ESXi vSphere License</code> and <code>vCenter Server License</code> since they come as different license keys).</p>
<p>Once done, click the Assets tab. Your vcenter server should be on the list of assets. Click the line with it but don’t click any blue text if there is any (or click the Back button on the Navigation panel – not the browser Back button – if you did). Click the leftmost icon, which has an incomprehensible picture of an ID card with a white arrow on a blue dot on it. The mouse-over hover help text says <code>Assign license</code>, which is exactly what you want to do. Select the snappily named vCenter Server License (as snappily named in the paragraph above). Click OK.</p>
<p>Exhale. You’re done.</p>
llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-68719631557522055842017-12-08T10:07:00.001+02:002017-12-08T10:06:24.983+02:00When certificates don't certify<p>I’ve spent the last few days trying to fix a pretty weird munki problem on a computer i manage. Turns out it wasn’t a munki problem at all. It all boiled down to certificates.</p>
<p>The munki server runs over https. This environment has a home-baked PKI with a root certificate and an intermediate cert, which has signed the munki server’s cert. The root and intermediate certificates are nicely tucked in to the computers System keychain and the Mac is set to Always Trust the Root CA. All should be fine.</p>
<p>But while i could surf to my munki server with a browser or with curl, i could not get <code>managedsoftwareupdate</code> to work.</p>
<p>Instead of steaming off with what i tried and what didn’t work, i’ll just tell that a clue to why it didn’t. <em>I was not able to</em> <code>sudo curl https://munki.server</code>.</p>
<p>Turns out that the Root CA, even though it was in the System keychain, was only trusted by the currently logged in user. So i removed the Root CA from the System keychain, added it again from the command line:</p>
<pre><code>% sudo security add-trusted-certificate -d -r trustRoot \
-l /Library/Keychains/System.keychain path/to/ca.cert.pem
</code></pre>
<p>(Adding it from the GUI didn’t, somehow, help).</p>
<p>Et voilà, <code>managedsoftwareupdate</code> works again.</p>
<p>And i now think i know why. I believe i might have imported the root and intermediate certificates by dragging them into my login keychain using the Keychain Access app, then realising they were in the wrong spot, and drag-and-dropping them into the System keychain. That would explain how a cert in the System keychain, which should be available for the whole system, was only available for <code>$me</code>.</p>
<p>Silly <code>$me</code>.</p>
llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-55571329202687598642017-01-19T13:57:00.000+02:002017-01-19T13:57:27.230+02:00Validating your Munki manifests and pkgsinfos<p>Sometimes, bad things happen to your <tt>.plist</tt> files. Thus, it is prudent to run the following check on your Munki repo before deploying into production:</p>
<code>find {manifests,pkgsinfo} -type f -exec xmllint --output /dev/null {} \;</code>
<p>This will find all the files under the <tt>manifests</tt> and <tt>pkgsifo</tt> directories, check them for well-formedness (but not content; you might still have a typo in what you actually want to say!), and report only on the errors.</p>
<p>The output is sent to <tt>/dev/null</tt>, as <tt>xmllint</tt> would otherwise spew out all valid <tt>plist</tt> files to the terminal, effectively hiding any problems you might have had. A <tt>--quiet|-q</tt> option would have been cleaner...</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-37697186266445078402016-11-23T09:31:00.000+02:002016-11-23T09:31:07.628+02:00Things i'd like to learn as a sysadmin<p>These are (some of) the technologies i'd like to be proficient in, as a Mac sysadmin:</p>
<ul>
<li><a href="https://github.com/grahamgilbert/imagr/wiki">imagr</a></li>
<li><a href="https://github.com/MagerValp/AutoDMG">autodmg</a> and other ways to create images</li>
<li>...and packages</li>
<li>munki + git + autopkg + some kind of CI for linting and deployment</li>
<li>puppet + gitlab-ci + linting + deployment</li>
<li>ansible + gitlab-ci + linting + deployment</li>
<li>esxi + ansible (+ ci for linting)</li>
<li><a href="https://github.com/google/santa">santa</a></li>
<li><a href="https://github.com/grahamgilbert/crypt2" title="for Filevault deployment and key management">crypt2</a></li>
<li>lokgging, monitoring and alerting with <a href="https://www.influxdata.com/time-series-platform/" title="Telegraf, InfluxDB, Chronograf, Kapacitor">TICK</a>, <a href="https://www.elastic.co/products" title="Elastic, Logstash, Kibana, Beats">ELK + topbeat</a>, <a href="https://osquery.io/">osquery</a> and/or <a href="https://sensuapp.org/" title="Monitoring that does not suck">sensu</a></li>
<li>mdm (micromdm)</li>
<li>profiles</li>
<li>mcollective</li>
<li>sensu + puppet</li>
<li>docker</li>
<li>clever and useful dashboards</li>
<li><a href="https://github.com/wdas/reposado" title="Apple software updates server">reposado</a></li>
</ul>
<p>I use many of these technologies at work, but i still feel like i'm an inproficient hack with most of them. And as a sysadmin, i really like to know what i'm doing.</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-30894724608787879672016-06-21T10:20:00.000+03:002016-06-21T10:20:05.453+03:00Changing your network password on OS X Server<p>Macs often a local account to log on to their computers, even in a business environment (which may come as a chock to Windows admins). Changing the local password is just <tt>System Preferences → Users & Groups → Change password</tt>. This also works nicely if the Macs authenticate to a network server (or tends to). But to change the password of one's network account when the computer is not tied to a domain or an LDAP server, things get a little different.</p>
<p>As a user, go to the web page of your server (more specifically, the Mac server, running Open Directory -- hereafter just called The Server). If the sysadmin has done the job well, there should be fairly generic page coming up with links to a My Documents, All Activity, Wikis and People ... and at the bottom of the page, a link to <tt>Change Password</tt>. Click it. Authenticate, if needed, and change your password. Easy, if not altogether obvious.</p>
<p>Now if <em>you</em> are the sysadmin, things are yet more complicated. First, your server should have an SSL certificate. You should probably enable the Wikis service from the Server.app, if for no other reason that It Works On My Computer (we did that for the sole purpose of having a shared team calendar!). Now enable the <b>Websites</b> service. Double-click the bit that says Server Website (SSL) and check ☑ Allow users to change their password. Yeah, i admit it is well hidden. And now, users can change their network password! Woo-hoo!</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-7566669730999812672016-05-19T15:18:00.001+03:002016-05-20T09:17:20.504+03:00Removing unnecessary Puppet reports<p>A Puppet server i'm managing was running out of disk space and the culprit turned out to be Puppet's rather verbose report files. I had a whole bunch of reports which simply informed that the following umpteen files <em>were not changed at all</em>. This is both useless and wasteful, at 38 megs a report, per server, twice an hour. Even though the environment is small, i ended up with 22 gigs of reports...</p>
</p><p>After much googling and stackoverflowing, i came up with the following script:</p>
<code>#!/bin/bash
grep -Pzl "status: unchanged(\n)metrics" /opt/puppetlabs/server/data/puppetserver/reports/*/*.yaml > $(dirname $0)/unchanged-reports # this is one long line, not four
while read p; do
sed '/metrics:/,$d' $p > ${p}.0
rm $p
mv ${p}.0 $p
done < $(dirname 0)/unchanged-reports
</code>
<p>Run as root. Comment out the <tt>rm</tt> and <tt>mv</tt> bits if you're nervous or you just want to experiment.</p>
<p>The command line switches for grep (only work on GNU Grep, ie on Linux):
<dl>
<dd><tt>P</tt> turns on <em>experimental Perl regexp mode</em> and can potentially break things</dd>
<dd><tt>z</tt> will effectively allow for multiline regexp patterns</dd>
<dd><tt>l</tt> will return the file name where the pattern was found rather than the pattern itself</dd>
</dl>
</p>
<p>And then you can automate this, say, with <tt>cron</tt>.</p>
<p>In addition to this script, i use <tt>logrotate</tt> to compress and eventually remove old report files.</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-58408207386748839232016-05-15T11:23:00.000+03:002016-05-15T17:29:51.996+03:00Mac tip: what's eating your net<p>Mac command line tip of the day:
</p><p><tt>nettop</tt>
</p><p>...and then press <tt>c</tt> and <tt>d</tt>.
</p><p>This will show you which programs (or more to the point, processes) use your network connection and how much. <tt>c</tt> collapsed the rows so you don't get one line per connection (you can get back to the expanded view by pressing <tt>e</tt>). “Delta mode” <tt>d</tt> would show you how much network capacity each program (or connection, if you're in expanded view) is using <em>right now</em> and pressing <tt>d</tt> again will take you to showing the total amount of traffic transported.
</p><p>If you want to get geeky, you can toggle <tt>p</tt> to see the number of bytes transported rather than the more human readable so and so many megs or gigs.
</p><p>Use the arrow keys to scroll to the sides for more statistics (use <tt>j</tt> to select which stats to display) and up-and-down if you have a really large number of programs on the list, or are watching the expanded view.
</p><p>Finally, <tt>h</tt> will bring you the help screen so you don't have to remember all the keys i just wrote about :D</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-79804452970373547332015-07-21T11:27:00.002+03:002015-07-21T11:28:26.034+03:00How to get the IP address of a Mac<p>Every time you connect a new network adapter to a Mac, you get a new Ethernet device configured to your computer. This is of both logical and expected, but it means that you can't really tell what the name of your currently active network interface is. This makes things like checking your IP address a bit cumbersome.<p>
<p>And here's a shell script to remedy:</p>
<pre><code>
#!/bin/bash
interface=$(route get default| awk '/interface: / {print $2}')
ipconfig getifaddr $interface
</code></pre>
<p>This will only return the IP address of your default NIC. If you have more than one active network interface, you'll have to take the long route :)</p>
llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-72263014779743826282015-06-25T15:27:00.001+03:002015-07-21T11:28:54.763+03:00I made an Internet Button<p><strong>Along comes a few days of solo summer vacation and i’m off to the countryside. So what can a man do out in the wild? Hack.</strong></p>
<p>An <em>Internet Button</em> is a button which, when you press it, makes something happen on the Internet. It’s the Internet of things equivalent of a <em>Hello, World!</em> program, and i made one yesterday built on the Proton Core platform.</p>
<p>A Core is basically an Arduino compatible microcontroller with a Wi-Fi chip slapped on, and a cloud environment to support the whole shabang. I’ve had two of these Spark Cores (as they were known then) for well over a year now, since backing them on a Kickstarter campaign, but i’ve never really got around doing anything sensible with them. The problem was always that the Wi-Fi connection dropped after some time and then the program crashed. So i borrowed my chips to a couple of colleagues (on <a href="http://houm.io">houm.io</a>) who used them to draw attention and open a door. Eventually i got them back, and they were left to gather dust in my geek cave.</p>
<p>Since the new Particle Proton chips are finally going to ship now, i’d read a bit on the documentation and decided to give my Cores another spin. The results, along with the instructions on how to get the button on the Internet, <a href="https://github.com/llauren/slackbutton">are on Github</a>.</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-57838283884291135622015-02-13T11:38:00.001+02:002015-02-13T11:41:47.027+02:00Create an encrypted USB disk from the command line<p>This recipe will</p>
<ul>
<li>create a semi-random disk name and a fairly safe password</li>
<li>erase and encrypt the disk <code>diskdevn</code> (use <code>diskutil list</code> to figure out which one it really is or face potentially unfavourable consequences) </li>
<li>save the credentials into the file <code>USBdisks.db</code> in your home directory (or where-every you point the variable <code>passfile</code> </li>
</ul>
<h1 id="code">code</h1>
<pre><code># (c) Robin Laurén 2015
# License: BSD 2-clause
#
diskdevn=/dev/disk4 # nopd: you may want to edit this one
passfile=~/USBdisks.db
diskname=USBdisk-$(pwgen -B 4 1)
diskpass=$(pwgen -s 16 1)
diskutil partitionDisk /dev/disk4 1 GPT jhfs+ $diskname 100%
diskutil cs convert $diskname -passphrase $diskpass
echo "$diskname $diskpass" >> $passfile
</code></pre>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-51964927772043336672015-02-13T11:35:00.001+02:002015-02-13T11:40:19.095+02:00Create an encrypted USB disk from the command lineOops. This post was published in markdown and now i can't change that. See next post for correct formatting :)llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-74318038906549544942014-05-13T13:43:00.001+03:002016-05-15T11:24:11.867+03:00Using a USB MIDI device as an OSX keyboardIf you have done any amount of programming or system administration, you must surely have come across the frustration of having to press a keyboard <em>chord</em> to produce important glyphs like <code>{</code>, <code>}</code> or <code>~</code>. To battle <a href="http://en.wikipedia.org/wiki/Repetitive_strain_injury">RSI</a>, i present how to use a cheap external MIDI controller like the <a href="http://www.amazon.com/gp/product/B002M8EEW8/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B002M8EEW8&linkCode=as2&tag=nados-20&linkId=R77L3L4ZIP45LLSW">AKAI LPD8</a> or the <a href="http://www.amazon.com/gp/product/B004M8YPKM/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B004M8YPKM&linkCode=as2&tag=nados-20&linkId=7ELTKB2RS6JMR7EL">Korg Nanopad 2</a> as a keyboard for those all important programmer keys on a Mac running OS X.<br />
In addition to a USB MIDI controller, you’re going to need the following, rather ancient software and resources:<br />
<ul>
<li>Charlie Roberts’ <a href="http://www.charlie-roberts.com/midiStroke/">midiStroke</a></li>
<li>The <a href="http://www.snoize.com/MIDIMonitor/">snoize MIDI monitor</a></li>
<li>Greg Loskorn’s <a href="http://www.barryrudolph.com/greg/midi.html">MIDI note-to-number lookup table</a></li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKDRSnBCnpoGjZcE062bOW7c7GJo6X_ynKcTD7ZltR6iJdwF14xgqDM5UgaXzRCtKM5U6o_lTDb1QGKwtuP0tU0aupbK6u5T_EnkHnQbOFU1dh4SFh0CzAsPWxkD3I-DIAImi2t_UeHGt1/s1600/Screenshot+2014-05-13+13.30.54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKDRSnBCnpoGjZcE062bOW7c7GJo6X_ynKcTD7ZltR6iJdwF14xgqDM5UgaXzRCtKM5U6o_lTDb1QGKwtuP0tU0aupbK6u5T_EnkHnQbOFU1dh4SFh0CzAsPWxkD3I-DIAImi2t_UeHGt1/s1600/Screenshot+2014-05-13+13.30.54.png" height="346" width="400" /></a></div>
Plug in your controller. From MIDI monitor, select the appropriate <strong>Source</strong> and start tapping your controller’s buttons. Choose some appropriate buttons for the glyphs you want to map to.<br />
Using the MIDI note number table, look up the corresponding number. On my AKAI LPD 8, the first button is C1, and its number is 36.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLKK-p6oDZtgWvTpRRwuAK6ZOdYkrMpBYx3qq5RTl9ZuOgmgpk2msR1VmXzoHGOH8kmGZ9Smi78QmVhPGc7exeYSUZzLzfQtOpptOOvvNAmxy9GTaw3OjpO0pr9gu7UDjpWbJTMIyyobNH/s1600/Screenshot+2014-05-13+13.52.54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLKK-p6oDZtgWvTpRRwuAK6ZOdYkrMpBYx3qq5RTl9ZuOgmgpk2msR1VmXzoHGOH8kmGZ9Smi78QmVhPGc7exeYSUZzLzfQtOpptOOvvNAmxy9GTaw3OjpO0pr9gu7UDjpWbJTMIyyobNH/s1600/Screenshot+2014-05-13+13.52.54.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
Now here comes the tricky part. In midiStroke, press the plus icon on the left to add a button. Double click the default value (probably 45) and change it into the correct one. Now click the plus icon on the right. If you want a bracket, you’ll need to enter the “unshifted” key and select the relevant modificator keys. Since i’m using a Finnish keyboard layout, i use keystroke <code>8</code> with <code>Shift</code> and <code>Alt</code> modificator keys. Your milage may vary.<br />
You can use “special keys” like <code>Enter</code> and <code>Esc</code> by using their names. Press the <code>keystrokes</code> button to plop up the help pane and simply add the name of the key (like <code>ENTER</code>) in the Keystroke field.llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-43307093484991777452014-02-04T11:28:00.001+02:002014-02-04T11:28:26.427+02:00Remapping Tilde<p>If you’re a hacker, developer or a sysadmin, and you work with a non-US keyboard layout, you’ve probably been annoyed a time or two that the tilde ~ character is so hard to hit. On a Finnish keyboard, it’s behind <code>Alt</code> + <code>¨</code> after which you need to press the space bar unless a the next character with a tilde on it doesn’t exist. So <code>Alt</code>+<code>¨</code> <code>Space</code> <code>a</code> if you want to type ~a. </p>
<p>If you’re on a Mac, i’ve got help for you.</p>
<ul>
<li>Download the <a href="http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=ukelele">Ukelele</a> keyboard remapping app from Sil.org. Extract and optionally add to your Applications folder.</li>
<li>Choose <code>File</code> > <code>New from Current Input Source</code></li>
<li>Click the paragraph <code>§</code> key, because that’s the one we’re going to re-map. Or pick another key you want begone.</li>
<li>Give your layout a name: <code>Keyboard</code> > <code>Set Keyboard Name...</code> to distinguish it from the original one.</li>
<li>Optional syntactic sugar: <code>Keyboard</code> > <code>Attach Icon File</code>. Re-purpose an icon from the Ukelele example keyboard layout folder.</li>
<li>Save the keyboard layout file to ~/Library/Keyboard Layouts/</li>
<li>Open <code>System Preferences</code> > <code>Keyboard</code> > <code>Keyboard</code> > <code>Input Sources</code> (OSX 10.8). Locate and tick your newly saved and named Layout.</li>
<li>Choose your new layout from the icon close to the clock at the top menu bar.</li>
<li>Profit!</li>
</ul>
<p>There are several nice things about this method. You can share your keyboard layout with your peers. You can go wild and re-map any normal key that you like. And you can always go back to normality in case your re-mapping went a little <em>too</em> wild :)</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-37842847065108201662014-01-29T09:49:00.002+02:002014-01-29T10:01:20.594+02:00My bed senses me<p>My bed has -- with varying degrees of success -- kept track of my sleep during the last few months using the <a href="http://beddit.com">Beddit</a> <i>Pro</i> tracker. I got to borrow this from a friend who works for Beddit while waiting for the <a href="http://www.indiegogo.com/projects/beddit-automatic-sleep-and-wellness-tracker-turn-your-bed-into-a-smart-bed">Indiegogo edition Beddit</a> sensor to arrive. Now it has. <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhypGX7bcA33YnRyo0uIYn3lV5Z5nPiIYy1LNdQ4sHIdGqS29LQMVipaDpAMJUhzjqbAF3X4i4HA7HpsiX02KAZPc2AnSC8KKMrhYevYa7ycmlmHVK-kdgYasJxNgleTsYtDNymUZaMtdW8/s1600/IMG_20140129_092118.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhypGX7bcA33YnRyo0uIYn3lV5Z5nPiIYy1LNdQ4sHIdGqS29LQMVipaDpAMJUhzjqbAF3X4i4HA7HpsiX02KAZPc2AnSC8KKMrhYevYa7ycmlmHVK-kdgYasJxNgleTsYtDNymUZaMtdW8/s320/IMG_20140129_092118.jpg" /></a></div>
</p>
<p>The beddit sensor technology is pretty fascinating. Basically, the sensor band registers tiny variations in pressure and with a lot of clever signal processing, can deduce my breathing, heartbeat and movements from it. What's really fascinating is that the same sensor technology could be put under a leg of a comfy chair and was able to pick up my heartbeat and breathing through the layers of chair and comf. I was impressed. What's really <i>really</i> fascinating is that in a demo, the sensor could pick up the heartbeat from a driver sitting in a van with the engine on. I haven't seen this demo but it's supposedly there on Youtube.</p>
<p>The Beddit Pro is a small embedded computer with one or two "ballistocardic" sensors. You connect one side to your LAN with wired or wireless Ethernet and put the sensors under the sheets of your bed. And then you sleep (or do whatever you do in your bed). I admit that the first night or two, i was very conscious of the sensor but that faded quickly.</p>
<p>The results of the Pro are more or less credible. For my wife, they were pretty much off the charts, as she goes into a bit of a coma when reading in bed -- or at least that's what the Beddit thinks. The most confusing bit is that the system reports i got around one hour of deep sleep, and i really have no idea if that's a good thing or a bad one. The results themselves are viewable on Beddit's web site and you can add comments to your sleep diary if you want. </p>
<p>The web site is a bit clunky to use, but the new Beddit tracker runs uses your mobile device (phone, tablet, Android or IOS thingy...) as proxy to the Beddit mainframe. As the results will be in an app instead than on a web site, my hopes are that this'll be easier to use.</p>
<p>Finally, what i'm really hoping for is proper integration with other trackers out there. My hopes is that i can plug all sorts of biometrics into <a href="http://humanapi.co/">Human API</a> and spin and mash my data from there. We'll have to see.</p>
<p>Tonight i'll connect the new sleep tracker and in a week from now, i should have something new to report.</p>
<p><i>PS: This would have been a typical post to my normal blog, but as it's down (see previous post) you'll see it here.</i></p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com2tag:blogger.com,1999:blog-7881898846397249901.post-64494084358135773942014-01-28T18:33:00.001+02:002014-01-28T18:33:20.647+02:00Navelfluff is gone (for now)<p>It’s rather tragic that i didn’t even realise that the funding account for my blog ran out and i didn’t even notice. And that the blog fell off the Internet (due to zero funding) and i didn’t even notice. And was deleted, along with all its settings, and i didn’t even notice.</p>
<p>On the bright side, i had set up automatic backups that were sent to my mail. And now i have a learning opportunity to see what i should be doing with them. Oh dear oh dear.</p>
<p>Considering the lack of time and enthusiasm i’ve had for blogging lately (and that i have an other outlet for my occasional fifteen milliseconds of fame, namely <a href="https://www.google.com/+RobinLauren">Google+</a>, i’m not sure when i’ll restore Navelfluff. </p>
<p>So rest in bits, <a href="http://www.navelfluff.org">Navelfluff</a>, and you shall most definitely resurrect. Eventually.</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com1tag:blogger.com,1999:blog-7881898846397249901.post-9519952526220201612014-01-28T17:28:00.001+02:002014-01-29T09:50:56.816+02:00So i got myself a Chromebook<p>Out of sheer curiosity, i got myself a Samsung Chromebook, Model 3, eleven inch screen. The form factor was right, the weight seems right, the price point is right. Hopefully, the wife acceptance factor is alright too – she just got her first Android phone so accessing her stuff on a laptop should appeal.</p>
<p>I too have most of my personal and social life in the googleverse, so no wonder i was intrigued by a browser with a keyboard attached to it. Thankfully, you can get both ssh and mosh as windowed applications to it. There’s even a <em>Terminal</em> app, though it seems to be running on a virtual machine at Koding (which in itself is a nice surprise – i haven’t used Koding for a while but this might just inspire me to!)</p>
<p>The form factor of the Samsung is comparable to my mac, the keyboard is a bit stiffer and feels a bit strange despite being quite bearable for a machine at this price point. But despite the similar looks, it surely is no mac (but hey, what do you expect for 15-20% of the price of a Macbook pro :)</p>
<p>The most glaring difference is the display. The resolution is a mere 1366x768 and if there existed a chromebook at a fairly regular price with 1920x1080 HD resolution, i’d pay the difference in a jiffy. Another pretty obvious difference is speed. An Intel i-series processor and 16 GB of memory is no match to this puppy, but then, i wasn’t expecting a match. And it’s plasticky, not aluminium.</p>
<p>But put in another way, you get quite a lot of laptop for three hundred bucks.</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-81353307759382314382014-01-28T17:06:00.001+02:002014-01-28T17:07:34.218+02:00Markdown<h1 id="hej-dingleli-dång">Hej dingleli dång!</h1>
<p>Detta har jag skrivit med Markdown.</p>
<p><em>For all other purposes, consider this a test</em></p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-82359273676036383082013-09-24T13:10:00.001+03:002013-09-24T13:10:18.815+03:00Chromecast dongle works as advertisedI've had my Chromecast dongle in operation for a few days, and it's all been most undramatic. First, i was a bit unnerved because the Chromecast Android app is locked by geography -- you can only install it on your mobile device if you're where-ever Google demands geographically correct. USA only, i'm guessing. But that was not the case for the Chromecast OSX app needed to get the plug running.<br />
<h3>
Setup in three painless steps:</h3>
<b>Step one:</b> plug the dongle into a free HDMI port and connect the USB power.<br />
<b>Step two:</b> Turn the telly to the correct HDMI source (this may be the last time you're going to do this operation -- bear with me!)<br />
<b>Step three:</b> Go to the URL displayed on your telly, download the Chromecast app. The dongle will invent a passcode which you only need to visually inspect that it's the right one (no entering passwords -- yay!) and you have the chance to rename your dongle to something you like.<br />
Your telly has now become a wireless Youtube- and Netflix- catcher. Run Netflix on your Android device and you'll see a box-with-arcs icon. Click it, and the dongle takes over. <i>If you have a HDMI-CEC compliant television, the teevee will most probably automagically switch to the correct input.</i> Awesome. No plugin or mobile app required. It Just Works&TM;<br />
You can also download a plugin to the Chrome browser, to send browser tabs to your television. Or to the display/projector in the meeting room (which is something we'll probably look at at work some day soon). Sans wires. Nice. The browser plugin is not geographically closed, thank heavens.<br />
<h3>
The future so bright</h3>
There are two things i'm hoping to see next. First, a way to send pictures, from my computer, from my G+ collection or from a "third party" operation like Flickr or my Lightroom. And second, to have Chromecast to act as a display adapter for fairly static and latency-tolerant material. The closest thing we now have is a casting a browser tab, but casting to an external screen would be nice, even if it really is a little outside what i believe to be the Chromecast idea.<br />
Well, three really. I hope that Google scraps that stupid restriction by geography. It's a round world, and it's all one. Borders don't really apply to communication.llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-62922022801128470802013-08-18T21:29:00.002+03:002013-08-18T21:29:51.800+03:00Silencing Pebble notifications for the night with Llama (this might work)I finally got my Pebble watch yesterday, after waiting for a nearly a year and a half (watching my colleagues wear their black Pebbles, which arrived this spring...). It is rather nifty, and a piece of wearable computing i might find myself walk around with daily. The white colour makes me think of iPods back in the time when they were white and plasticky. I just hope this one doesn't scratch as easily.<br />
<br />
As i went to bed, i was greeted (and annoyed) with another notification, so i shut down the Pebble application. This had the unfortunate side effect that i need to manually restart the app. Hardly very "smart".<br />
<br />
I use a fantastic app called <a href="http://kebabapps.blogspot.com/">Llama</a> on my phone to keep it quiet at night (and i'm home and the phone is in the charger) and normal when i'm at work (and normal again when i'm leaving work in case i forgot it on quiet when i was at work, and so on). So next i'm going to try whether switching off Bluetooth with Llama during quiet night time will do the job. Other possible outcomes are that the Pebble app will crash, or that it will re-enable Bluetooth. Or that the Pebble app won't reconnect automagically once Bluetooth is re-enabled in the morning.<br />
<br />
But hey, it's worth a try. And if you are using an Android phone, you should be using Llama :)llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-64589214011883251862013-06-19T11:35:00.000+03:002013-06-19T11:35:01.049+03:00Two-step verification on Google (and Twitter and Facebook)After hearing enough stories of "<i>identity theft can't happen to me" </i>and then getting a mail from Google whether i'd like to connect my new mail account to this one, i decided to ramp up my Google account security a bit. Didn't want my mail snitched. This mail is my life.<br />
<br />
There's an easier way than using v€rY-c0M₱£æ⨉-Ƥάßw0r𝑑Ƶ, and it's Two-step Verification. That's securitech lingo and basically means that you log in to a site using something you know <b>and</b><i> </i>something you have, eg a secret handshake and a funky looking hat. Or your signature and a hot wax seal. Or, as is more convenient in the on line world, your password and your cell phone.<br />
<br />
<b>Setting up Two-step verification will probably take less time for you than reading this post.</b><br />
<br />
Setting up two-step verification is fairly painless on Google. Go to the Google <a href="http://www.google.com/landing/2step/">Two-step landing page </a>and watch a video to get comfortable. Click the big blue Get Started-button. Enter your password (which <i>should </i>be fairly non-guessable by a computer and at least nominally different from the password you're using on Facebook, Twitter, Reddit, Hotmail, your bank account and all those p0rn sites).<br />
<br />
If you have an Android/iPhone/Blackberry phone, you can now download the Google Authenticator app. Or if you're lazy, don't want more apps on your phone, or have some other technology installed, you can use SMS authentication. This is what i used first. Click the appropriate buttons and you're go.<br />
<br />
What now will happen is this: When you log on to a service using your Google account, you use the password you <b>know</b> and you'll get an additional step (hey, it's called two-step for a reason). Goog will ask for a secret code, which you'll either get from the Authenticator app or as a text message. From the phone that you <b>have</b>. Enter this and you're in.<br />
<br />
<b>Next time you access the same application with the same computer, you will not be bothered by the second step.</b> Unless you really want to :)<br />
<br />
Now: devise and implement a backup plan. It'll take you two minutes and save you when the situation hits the fan. Add a backup phone number or two into the system for when your phone falls into water or gets trampled by a moose. Print out some backup codes on actual paper, cut off the bits that identify them as Google codes, and save them far from your phone. And the moose. And water of any kind.<br />
<br />
Google of course is bigger than GMail. You can authenticate to a bunch of sites using your Google account. There are apps that don't know about the two-step dance. My Apple TV thingy can play Youtube videos but don't know wits about no two-steps. For instances like these, you can create passwords for those apps, called <b>application-specific passwords</b>. From the two step management page you set the verification settings in the first place, click the appropriate link, enter a name for your password (eg "Apple TV") and press Generate password. Then copy-paste this into the application. The password is split into bits by spaces, which you don't need to fill in.<br />
<br />
<b>Twitter</b> has also implemented two-step verification. They do, however, not yet have the provision for extra phone numbers, so if you lose your phone to a moose or the gods of salt water, you are basically spinning around with that fan and the situation. IWS has <a href="http://www.informationweek.com/security/management/twitters-two-factor-authentication-5-rea/240155539">the details</a>.<br />
<br />
<b>Facebook</b> also has a two-step verification in place, called <a href="https://www.facebook.com/note.php?note_id=10150172618258920">login approval</a>, which uses your phone to ask for logins from new devices. While you can't add more phones to your arsenal, you can manage login sessions from a browser that's already approved. To enable, go to your Facebook page, click the little padlock icon which currently lives on the top right of the page, next to your name and face, and the Home link and the cogwheel. From the dropdown, click See more settings, click Security → Login notifications and check Mail and/or Text message. You'll need to register your phone number with Facebook if you want the second option to work.<br />
<br class="Apple-interchange-newline" />And that's it. You are now a lot safer than you were.llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-47647262384519727912013-06-16T22:26:00.000+03:002013-06-16T22:27:34.248+03:00I command you to napI finally found out how to properly ask my Mac to take a nap. First unmount (tech talk for "disconnect") the backup disk that i always have connected into the USB hub. I naïvely assume it will always be identified as /dev/disk1 because because i'm lazy and i haven't given it a label. I suppose that would be the better way. Then, uh, tell Finder to sleep. Whoa.
<br />
<br />
And after waking up, try to mount the backup disk again.
<br />
<br />
So save this as ~/bin/nap and make it executable by casting the spell <tt>chmod u+x ~/bin/nap </tt>from the terminal.<br />
<br />
<div class="bash" style="background-color: #f0f0f0; border: 1px solid #d0d0d0; color: #000066; font-family: monospace;">
<span style="color: #666666; font-style: italic;">#!/bin/bash</span><br />
<br />
diskutil unmountDisk <span style="color: black; font-weight: bold;">/</span>dev<span style="color: black; font-weight: bold;">/</span>disk1<br />
osascript <span style="color: #660033;">-e</span> <span style="color: red;">'tell application "Finder" to sleep'</span><br />
<br />
diskutil mountDisk <span style="color: black; font-weight: bold;">/</span>dev<span style="color: black; font-weight: bold;">/</span>disk1</div>
<br />
Didn't think it would be so simple. I guess i'm just bad at googling :)<br />
<br />
[<a href="http://osxdaily.com/2012/07/22/sleep-a-mac-from-the-command-line/">via</a>]<br />
[<a href="http://quickhighlighter.com/">quick highlighter</a>]llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-73371084451728005882013-05-30T11:49:00.000+03:002013-05-30T11:51:08.471+03:00Use etckeeper to version-control your config files<p><a href="http://joeyh.name/code/etckeeper/">etckeeper</a> is a utility which keeps copies of your Linux (etc.) box's configuration files in a version control system. It ties into apt-get so each time you update/upgrade your system, your files in /etc are backed up. Which is nice. And of course you can request a snapshot of your /etc-files manually, before you start experimenting. Which is nice. Especially after you've munged your etc-file and stuff doesn't seem to work anymore. Been there, done that. xorg.conf i remember thee with pain.</p>
<p>As we use etckeeper here at work, i decided to install it on my home box. It was remarkably painless with a little help from <a title="Using etckeeper with git on Ubuntu" href="http://evilrouters.net/2011/02/18/using-etckeeper-with-git-on-ubuntu/">a post from Evil Routers</a>. I see no reason to repeat what's written there, so just follow the link. It's a five minute exercise and you'll be safe(r).</p>
<p>Now if i need to pick up the habit of always doing a <span style="font-family: Courier New, Courier, monospace;">cd /etc && sudo etckeeper commit </span>before i touch an /etc-file -- or to find some mechanism that does it for me automagically :)</p>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-86225575224875279032013-05-29T12:47:00.001+03:002013-05-29T12:58:40.341+03:00Re-installing a Mac with an older OSX<b>TL;DR</b> To re-install an older OSX on a newer one, you'll first need a newer OSX install media to wipe the disk.<br />
<br />
The workflow for paving a Mac with an older version of OSX than it's currently running is this:<br />
<br />
<ul>
<li>From an external medium, run an OSX installation that is at least as new as the OSX currently running. An older installation won't start.</li>
<li>Start Disk Tools and erase the Mac's hard disk. Use the Journalling file system.</li>
<li>Boot with the older OSX installation media inserted and the Alt key pressed.</li>
<li>Install the older OSX.</li>
</ul>
<br />
Frustrating when software doesn't let me Do Dangerous Stuff :)<br />
<br />
Next time i'll just use <a href="http://www.dban.org/">dban</a>. Let's see how that goes.llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0tag:blogger.com,1999:blog-7881898846397249901.post-32630222571112546042013-05-20T16:17:00.000+03:002013-05-20T16:17:50.868+03:00You'll need a tray<p>I needed (ok, i <em>wanted</em>) to print a few configuration files from the command line (Linux/OSX). While Unix may provide us the command <tt>lpr</tt>, the path i wanted to follow was <tt>nc</tt> (ie <em>netcat</em>). This turned out, shall i say, into a Learning Experience&tm;. </p>
<p>Gear involved: a Mac, a Linux server, a HP printer, patience and google. </p>
<p>The problems i encountered were:</p>
<ul>
<li> Line endings. My files ended in a <tt>\n</tt> newline, whereas the printer wanted <tt>\r\n</tt> carriage return + newlines.</li>
<li> The printer wanting me to press the green checkmark button that i indeed wanted to print the file</li>
<li> nc which seemed to hang (but didn't)</li>
</ul>
<p>Transforming one kind of line endings to another seems like a trivial thing. That's why we have the <a href="http://en.wikipedia.org/wiki/Unix2dos">unix2dos and dos2unix</a> utilities. Except they weren't installed on my Mac or on the Linux server i was going to print from. But hey, that's why you have <tt>sed</tt>. Except that sed seems to care for lines, not for files, so i ended up transforming the files with perl, thusly: </p>
<code>for F in *.conf; do perl -p -e 's/\n/\n\r/g' $F > $F.lpr ; done</code>
<p>This created seemingly identical files from the original ones, but with linefeeds changed to cr+lf. To validate, i ran my new favourite spell: <tt>od -a <em>filename.conf.lpr</em></tt>, which dumps out all characters, including the "invisible" ones, in a geekly manner.</p>
<p>I then tried to print a file, by chanting <tt>cat <em>somefile.conf.lpr</em> | nc <em>printer</em> 9100</tt>. Three things did not happen. Netcat seemed to hang, the printer didn't print, and ... well, the printer didn't print. It felt like three things anyway. The printer didn't print because a) it didn't know which tray to print from, b) it was probably confused of the paper size, and c) when i tried sending the printer all the files, it threw away all but the first. Or last. The result was that to print the files, i had to netcat them one at a time, then run to the printer, press the green button twice, get my hardcopy, walk back to my terminal, press ^C and netcat the next one. Which was neither convenient nor elegant.</p>
<p>To remedy, i tried adding a form feed to each document:</p>
<code>for F in *.lpr; do echo -e '\f' >> $F ; done</code>
<p>Not sure it did anything though, because the above problem remained.</p>
<p>Problem one: the paper must automagically come from the right tray. Problem two: netcat must do its thing in a netcatly manner, ie deliver the payload and quit. </p>
<p>In my search for an answer to problem two, i came upon the answer to problem one. When one talks with the printer (in a Jetdirect manner, so to speak), the printer waits for more data until we politely tell it that that'll be all thank you very much and close the door. Which is nice and all, but not very productive.</p>
<p>The solution is to tell netcat to deliver the stuff, wait a second, and then hang up. Thusly:</p>
<code>cat <em>somefile.lpr</em> | nc -q 1 <em>printer</em> 9100</code>
<p>This restored normality in one second flat. Nice.</p>
<p>The final trick was the hardest, and it involved PJL. To prepare a spell to switch to tray four, speak thusly:</p>
<pre>
echo -e "\033echo -e "\033%-12345X@PJL
@PJL SET MEDIASOURCE = TRAY4
@PJL ENTER LANGUAGE = PCL
" > select-tray4.pjl
</pre>
<p>To have the page print, cast the following:</p>
<code>(cat select-tray4.pjl & cat <em>somefile.lpr</em> ) | nc -q 1 <em>printer</em> 9100</code>
<p>As always, there is probably a More Elegant way to do this, but hey, it works on my machine :)</p>
<a href="http://www.codinghorror.com/blog/2007/03/the-works-on-my-machine-certification-program.html">
<img alt="works on my machine, starburst" border="0" eight="193" src="http://codinghorror.typepad.com/.a/6a0120a85dcdae970b0128776ff992970c-pi" width="200" /></a>llaurénhttp://www.blogger.com/profile/04068903248575812756noreply@blogger.com0